February brings a new Patch Tuesday with 56 CVEs, including 11 patches rated "critical", 42 rated "important" and three rated "moderate". The list of vulnerabilities rated "critical" includes flaws in .NET, various media codecs, the Windows DNS and Fax services, and two in the Windows TCP/IP stack.
The list of "important" CVEs includes remote code execution (RCE) vulnerabilities in MS Excel, SharePoint and Visual Studio, as well as dozens of privilege escalation and denial-of-service vulnerabilities. In total, seven of these vulnerabilities were exploited in the wild as zero-days in highly targeted attacks. These include an RCE vulnerability in .NET Core/Visual Studio. This makes this patch cycle more important than ever.
Patch as early as possible and stay safe!
Critical
| Vulnerability | CVE | Impact |
| --- | --- | --- |
| .NET Core and Visual Studio Remote Code Execution Vulnerability | CVE-2021-26701 | Remote Code Execution |
| .NET Core for Linux Remote Code Execution Vulnerability | CVE-2021-24112 | Remote Code Execution |
| Microsoft Windows Codecs Library Remote Code Execution Vulnerability | CVE-2021-24081 | Remote Code Execution |
| Windows Camera Codec Pack Remote Code Execution Vulnerability | CVE-2021-24091 | Remote Code Execution |
| Windows DNS Server Remote Code Execution Vulnerability | CVE-2021-24078 | Remote Code Execution |
| Windows Fax Service Remote Code Execution Vulnerability | CVE-2021-1722, CVE-2021-24077 | Remote Code Execution |
| Windows Graphics Component Remote Code Execution Vulnerability | CVE-2021-24093 | Remote Code Execution |
| Windows Local Spooler Remote Code Execution Vulnerability | CVE-2021-24088 | Remote Code Execution |
| Windows TCP/IP Remote Code Execution Vulnerability | CVE-2021-24074, CVE-2021-24094 | Remote Code Execution |
Important
| Vulnerability | CVE | Impact |
| --- | --- | --- |
| .NET Core and Visual Studio Denial of Service Vulnerability | CVE-2021-1721 | Denial of Service |
| Azure IoT CLI extension Elevation of Privilege Vulnerability | CVE-2021-24087 | Defense in Depth |
| Microsoft Dataverse Information Disclosure Vulnerability | CVE-2021-24101 | Information Disclosure |
| Microsoft Defender Elevation of Privilege Vulnerability | CVE-2021-24092 | Elevation of Privilege |
| Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | CVE-2021-1724 | Spoofing |
| Microsoft Edge for Android Information Disclosure Vulnerability | CVE-2021-24100 | Information Disclosure |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-24067, CVE-2021-24068, CVE-2021-24069, CVE-2021-24070 | Remote Code Execution |
| Microsoft Exchange Server Spoofing Vulnerability | CVE-2021-1730, CVE-2021-24085 | Spoofing |
| Microsoft SharePoint Information Disclosure Vulnerability | CVE-2021-24071 | Information Disclosure |
| Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2021-24066, CVE-2021-24072 | Remote Code Execution |
| Microsoft SharePoint Spoofing Vulnerability | CVE-2021-1726 | Spoofing |
| Microsoft Teams iOS Information Disclosure Vulnerability | CVE-2021-24114 | Information Disclosure |
| Microsoft Windows VMSwitch Information Disclosure Vulnerability | CVE-2021-24076 | Information Disclosure |
| Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability | CVE-2021-24082 | Security Feature Bypass |
| Package Managers Configurations Remote Code Execution Vulnerability | CVE-2021-24105 | Remote Code Execution |
| PFX Encryption Security Feature Bypass Vulnerability | CVE-2021-1731 | Security Feature Bypass |
| Skype for Business and Lync Denial of Service Vulnerability | CVE-2021-24099 | Denial of Service |
| Skype for Business and Lync Spoofing Vulnerability | CVE-2021-24073 | Spoofing |
| Sysinternals PsExec Elevation of Privilege Vulnerability | CVE-2021-1733 | Elevation of Privilege |
| System Center Operations Manager Elevation of Privilege Vulnerability | CVE-2021-1728 | Elevation of Privilege |
| Visual Studio Code npm-script Extension Remote Code Execution Vulnerability | CVE-2021-26700 | Remote Code Execution |
| Visual Studio Code Remote Code Execution Vulnerability | CVE-2021-1639 | Remote Code Execution |
| Windows Address Book Remote Code Execution Vulnerability | CVE-2021-24083 | Remote Code Execution |
| Windows Backup Engine Information Disclosure Vulnerability | CVE-2021-24079 | Information Disclosure |
| Windows Console Driver Denial of Service Vulnerability | CVE-2021-24098 | Denial of Service |
| Windows DirectX Information Disclosure Vulnerability | CVE-2021-24106 | Information Disclosure |
| Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-24102, CVE-2021-24103 | Elevation of Privilege |
| Windows Installer Elevation of Privilege Vulnerability | CVE-2021-1727 | Elevation of Privilege |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2021-24096 | Elevation of Privilege |
| Windows Mobile Device Management Information Disclosure Vulnerability | CVE-2021-24084 | Information Disclosure |
| Windows Network File System Denial of Service Vulnerability | CVE-2021-24075 | Denial of Service |
| Windows PKU2U Elevation of Privilege Vulnerability | CVE-2021-25195 | Elevation of Privilege |
| Windows Remote Procedure Call Information Disclosure Vulnerability | CVE-2021-1734 | Information Disclosure |
| Windows TCP/IP Denial of Service Vulnerability | CVE-2021-24086 | Denial of Service |
| Windows Win32k Elevation of Privilege Vulnerability | CVE-2021-1698, CVE-2021-1732 | Elevation of Privilege |
Moderate
| Vulnerability | CVE | Impact |
| --- | --- | --- |
| .NET Framework Denial of Service Vulnerability | CVE-2021-24111 | Denial of Service |
| Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | CVE-2021-24109 | Elevation of Privilege |
| Windows Trust Verification API Denial of Service Vulnerability | CVE-2021-24080 | Denial of Service |